Installation guide

Booting the Switch
ARX-1000 Hardware Installation Guide 3 - 27
Installing a Redundant Peer or Cluster
If you are installing the second switch in a redundant pair (called an ARX
cluster) or if you are configuring a second ARX cluster in a Disaster
Recovery (DR) configuration, you need to provide additional information to
the initial-boot script. All members of the cluster share a common master
key.
Note
A master key is an encryption key for all critical-security parameters
(CSPs), such as administrative passwords.
Redundant switches must use the same master key because they share the
same users, groups, and passwords. In the case of a DR configuration, all
four ARX devices must be configured with a common master key.
At the peer that is currently installed, enter the show master-key command
to create an encrypted copy of the master key.
The CLI prompts you for two passwords:
System Password is a password entered at initial-boot time (see Sample:
Booting a Non-Replacement Switch, on page 3-22). It is 12-32 characters
long. This validates that you have permission to access the master key.
Wrapping Password is set with this command. The security software uses
this to encrypt (and later decrypt) the master-key string.
Enter 12-32 characters. At least one character in this password must be a
number (0-9) or a symbol (!, @, #, $, and so on).
Save this password: you will need it to decrypt the master key later, on
the new switch.
This command outputs a base64-encoded string that is the encrypted master
key. Save this string and the wrapping password that you set in the
command.
For example, this shows the master key on a switch named "gffstnB":
gffstnB# show master-key
Master Key System Password: %uper$ecretpw
Wrapping Password: an0ther$ecretpw
Validate Wrapping Password: an0ther$ecretpw
Encrypted master key:
2oftVCwAAAAgAAAApwazSRFd2ww/H1pi7R7JMDZ9SoIg4WGA/XsZP+HcXjsIAAAADDRbM
CxE/bc=
gffstnB# ...
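The following Python sketch is an added example, not part of the guide or the ARX software. It checks a candidate wrapping password against the rules stated above and rejoins a saved encrypted key that the terminal wrapped across lines, confirming that it is well-formed base64 before it is entered on the new switch. The function names, the reading of "symbol" as ASCII punctuation, the fingerprint, and the sample key are assumptions or constructed for the illustration.

```python
import base64
import binascii
import hashlib
import string

MIN_LEN, MAX_LEN = 12, 32  # length limits stated in the guide


def check_wrapping_password(pw):
    """Return a list of policy problems; an empty list means the password passes."""
    problems = []
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        problems.append(f"length {len(pw)} is outside {MIN_LEN}-{MAX_LEN}")
    # Assumption: "symbol" means ASCII punctuation; the guide gives only examples.
    if not any(c in string.digits or c in string.punctuation for c in pw):
        problems.append("needs at least one number (0-9) or symbol")
    return problems


def normalize_wrapped_key(saved_text):
    """Rejoin a saved key that was wrapped across lines and verify that it is
    well-formed base64. Returns (single_line_string, fingerprint)."""
    joined = "".join(saved_text.split())  # drop newlines, spaces, tabs
    if not joined:
        raise ValueError("no key material found")
    try:
        raw = base64.b64decode(joined, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64 (truncated or mistyped?): {exc}") from exc
    # The fingerprint is a local comparison aid for two saved copies; it is
    # not something the ARX CLI displays.
    return joined, hashlib.sha256(raw).hexdigest()[:16]


if __name__ == "__main__":
    # Constructed sample: 56 arbitrary bytes, wrapped the way a terminal might.
    sample = base64.b64encode(bytes(range(56))).decode()
    wrapped = sample[:69] + "\n" + sample[69:] + "\n"
    print(check_wrapping_password("lettersonlypw"))  # one problem reported
    line, fingerprint = normalize_wrapped_key(wrapped)
    print(len(line), fingerprint)
    try:
        normalize_wrapped_key(sample[:-3])  # simulate a truncated paste
    except ValueError as err:
        print("rejected:", err)
```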
Applying the Master Key
As shown earlier, there is a prompt for the master key in the initial-boot
script. You can answer this prompt with the encrypted master key; the script
then prompts for the wrapping password. For example,